Proposal: crypto/tls: Implement RFC 7633 TLS Feature Extension #22274

Open
nhooyr opened this issue Oct 14, 2017 · 3 comments

@nhooyr
Contributor

commented Oct 14, 2017

A bit over a year ago, someone created an issue to add support for RFC 7633 TLS Feature Extension into crypto/tls but it was closed by @agl because he felt it was premature and that OCSP stapling wasn't really supported as a client in Go (not sure if that has changed?).

See #13074

It's been more than a year so I'm creating this issue to see what he thinks of it now.

@odeke-em odeke-em changed the title crypto/tls: Implement RFC 7633 TLS Feature Extension Proposal: crypto/tls: Implement RFC 7633 TLS Feature Extension Oct 14, 2017

@gopherbot gopherbot added this to the Proposal milestone Oct 14, 2017

@gopherbot gopherbot added the Proposal label Oct 14, 2017

@odeke-em

Member

commented Oct 14, 2017

Another one for you s'il vous plait @agl.

@agl

Contributor

commented Oct 14, 2017

Firstly, there's nothing stopping you from using ExtraExtensions and Extensions to implement this if you wish in crypto/x509, the question is really whether OCSP stapling, must-staple etc should be wound throughout the code. Probably as both a client and server if we're going to do a good job of it.

Firefox supports must-staple now and Chrome has Expect-Staple support. I think Cloudflare have it on blog.cloudflare.com.

So it's plausible, but a bigger job than can reasonably happen in the 1.10 cycle.
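Added example, not part of the thread and not crypto/tls code: a sketch of the ExtraExtensions/Extensions route mentioned in the comment above, issuing a constructed sample certificate with the RFC 7633 TLS Feature extension and rejecting it when no OCSP response is stapled. The names `newCert`, `checkStaple` and `mustStapleExt` are hypothetical, and `checkStaple` only checks that a staple is present; it does not validate the OCSP response.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidTLSFeature = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 24} // id-pe-tlsfeature, RFC 7633
var mustStapleExt = pkix.Extension{Id: oidTLSFeature, Value: []byte{0x30, 0x03, 0x02, 0x01, 0x05}} // DER SEQUENCE { INTEGER 5 }: status_request

// newCert issues a constructed self-signed sample certificate; exts go in via ExtraExtensions.
func newCert(exts ...pkix.Extension) (*x509.Certificate, error) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // throwaway all-zero sample key
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), ExtraExtensions: exts, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkStaple reads the parsed Extensions and fails closed on a missing staple or a malformed extension.
func checkStaple(leaf *x509.Certificate, stapled []byte) error {
	for _, ext := range leaf.Extensions {
		var features []int
		if !ext.Id.Equal(oidTLSFeature) {
			continue
		} else if rest, err := asn1.Unmarshal(ext.Value, &features); err != nil || len(rest) != 0 {
			return fmt.Errorf("malformed TLS Feature extension")
		}
		for _, f := range features {
			if f == 5 && len(stapled) == 0 {
				return fmt.Errorf("must-staple certificate without a stapled OCSP response")
			}
		}
	}
	return nil
}

func main() {
	if leaf, err := newCert(mustStapleExt); err == nil {
		fmt.Println(checkStaple(leaf, nil)) // no staple supplied, so the error is printed
	}
}
```

In a client, the inputs would be `PeerCertificates[0]` and `OCSPResponse` from `tls.ConnectionState`.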

@ianlancetaylor

Contributor

commented Mar 19, 2018

Proposal accepted based on @agl's comment. Please go ahead and send in an implementation.
